First Improvised Security Testing Conference
Madrid, 8th August 2003


   Advanced Google Searching
   Google as a hacking tool
              Author: Johnny Long
                   johnny@ihackstuff.com
                 http://johnny.ihackstuff.com

                 Speaker: Vicente Aceituno
Why Google?

 - Google caches all crawled web pages
 - Google provides instant response
 - Google provides document translations
 - Google provides language translation
 - Google provides web, news, catalog and ftp searches
 - Google is cool
Index
 - Google Searching
 - Default Web pages
 - Directory listings
 - Finding files
 - Googlescan tools
 - Rise of the Robots
 - Prevention
Google Searching

 - Google provides a great deal of information about using its search engine to its fullest capacity.

 - The following tables are copied verbatim from Google's usage documents.
Basic Searching

 Special Query Capability: Include Query Term
 Example Query: Star Wars Episode +I
 Description: If a common word is essential to getting the results you want, you can include it by putting a "+" sign in front of it.

 Special Query Capability: Exclude Query Term
 Example Query: bass -music
 Description: You can exclude a word from your search by putting a minus sign ("-") immediately in front of the term you want to exclude from the search results.

 Special Query Capability: Phrase Search
 Example Query: "yellow pages"
 Description: Search for complete phrases by enclosing them in quotation marks or connecting them with hyphens. Words marked in this way will appear together in all results exactly as entered.
 Note: You may need to use a "+" to force inclusion of common words in a phrase.

 Special Query Capability: Boolean OR Search
 Example Query: vacation london OR paris
 Description: Google search supports the Boolean "OR" operator. To retrieve pages that include either word A or word B, use an uppercase OR between terms.
Filtering/Exclusion

 Special Query Capability: File Type Filtering
 Example Query: Google filetype:doc OR filetype:pdf
 Description: The query prefix "filetype:" filters the results returned to include only documents with the extension specified immediately after. Note there can be no space between "filetype:" and the specified extension.
 Note: Multiple file types can be included in a filtered search by adding more "filetype:" terms to the search query.

 Special Query Capability: File Type Exclusion
 Example Query: Google -filetype:doc -filetype:pdf
 Description: The query prefix "-filetype:" filters the results to exclude documents with the extension specified immediately after. Note there can be no space between "-filetype:" and the specified extension.
 Note: Multiple file types can be excluded in a filtered search by adding more "-filetype:" terms to the search query.
Filtering site/date

 Special Query Capability: Site Restricted Search
 Example Query: admission site:www.stanford.edu
 Description: If you know the specific web site you want to search but aren't sure where the information is located within that site, you can use Google to search only within a specific web site. Do this by entering your query followed by the string "site:" followed by the host name.
 Note: The exclusion operator ("-") can be applied to this query term to remove a web site from consideration in the search.
 Note: Only one site: term per query is supported.

 Special Query Capability: Date Restricted Search
 Example Query: Star Wars daterange:2452122-2452234
 Description: If you want to limit your results to documents that were published within a specific date range, then you can use the "daterange:" query term to accomplish this. The "daterange:" query term must be in the following format:
   daterange:<start_date>-<end_date> where
   <start_date> = Julian date indicating the start of the date range
   <end_date> = Julian date indicating the end of the date range
 The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122.
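Added example (not part of the original slides or of Google's documentation): converting calendar dates to the integer the daterange: row expects, and back. The one-day offset from the astronomical Julian Day Number is an assumption inferred from the table's single data point (August 1, 2001 = 2452122); all function names are hypothetical.

```python
from datetime import date

# Fixed reference: the astronomical Julian Day Number (the day that begins at
# noon UT) of 2000-01-01 is 2451545.
_JDN_2000_01_01 = 2451545
_ORD_2000_01_01 = date(2000, 1, 1).toordinal()


def astronomical_jdn(d: date) -> int:
    """Julian Day Number of the day that begins at noon UT on date d."""
    return _JDN_2000_01_01 + (d.toordinal() - _ORD_2000_01_01)


def daterange_julian(d: date) -> int:
    """Integer in the convention of the table's example.

    Assumption: the value is the Julian date at 00:00 UT with the .5 dropped,
    i.e. one less than the astronomical JDN. This is the only reading that
    reproduces the table's 2001-08-01 -> 2452122.
    """
    return astronomical_jdn(d) - 1


def julian_to_date(n: int) -> date:
    """Inverse of daterange_julian, for reading an existing daterange: term."""
    return date.fromordinal(n + 1 - _JDN_2000_01_01 + _ORD_2000_01_01)


def daterange_term(start: date, end: date) -> str:
    """Build the query term for an inclusive window of calendar dates."""
    if end < start:
        raise ValueError("end date precedes start date")
    return f"daterange:{daterange_julian(start)}-{daterange_julian(end)}"


if __name__ == "__main__":
    # Decode the example query from the table, then rebuild it.
    start, end = julian_to_date(2452122), julian_to_date(2452234)
    print(start, end)
    print(daterange_term(start, end))
```

Using a standard JDN routine without the offset shifts the window by one day, which matters when the window is narrowed to find when a page first appeared in the index.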
Title searching

 Special Query Capability: Title Search (term)
 Example Query: intitle:Google search
 Description: If you prepend "intitle:" to a query term, Google search restricts the results to documents containing that word in the title. Note there can be no space between the "intitle:" and the following word.
 Note: Putting "intitle:" in front of every word in your query is equivalent to putting "allintitle:" at the front of your query.

 Special Query Capability: Title Search (all)
 Example Query: allintitle: Google search
 Description: Starting a query with the term "allintitle:" restricts the results to those with all of the query words in the title.
URL Searches

 Special Query Capability: URL Search (term)
 Example Query: inurl:Google search
 Description: If you prepend "inurl:" to a query term, Google search restricts the results to documents containing that word in the result URL. Note there can be no space between the "inurl:" and the following word.
 Note: "inurl:" works only on words, not URL components. In particular, it ignores punctuation and uses only the first word following the "inurl:" operator. To find multiple words in a result URL, use the "inurl:" operator for each word.
 Note: Putting "inurl:" in front of every word in your query is equivalent to putting "allinurl:" at the front of your query.

 Special Query Capability: URL Search (all)
 Example Query: allinurl: Google search
 Description: Starting a query with the term "allinurl:" restricts the results to those with all of the query words in the result URL.
 Note: "allinurl:" works only on words, not URL components. In particular, it ignores punctuation. Thus, "allinurl: foo/bar" restricts the results to pages with the words "foo" and "bar" in the URL, but does not require that they be separated by a slash within that URL, that they be adjacent, or that they be in that particular word order. There is currently no way to enforce these constraints.
Text/Link Searching

 Special Query Capability: Text Only Search (all)
 Example Query: allintext: Google search
 Description: Starting a query with the term "allintext:" restricts the results to those with all of the query words in only the body text, ignoring link, URL, and title matches.

 Special Query Capability: Links Only Search (all)
 Example Query: allinlinks: Google search
 Description: Starting a query with the term "allinlinks:" restricts the results to those with all of the query words in the URL links on the page.
Link Searches

 Special Query Capability: Back Links
 Example Query: link:www.google.com
 Description: The query prefix "link:" lists web pages that have links to the specified web page. Note there can be no space between "link:" and the web page URL.
 Note: No other query terms can be specified when using this special query term.

 Special Query Capability: Related Links
 Example Query: related:www.google.com
 Description: The query prefix "related:" lists web pages that are similar to the specified web page. Note there can be no space between "link:" and the web page URL.
 Note: No other query terms can be specified when using this special query term.
Translation service

 Google offers a very nice language translation service.
Tricks
 - When www.google.com is not available, try www2.google.com or www3.google.com.
 - Reading Google's cache can prevent filters from knowing which page you are viewing.
 - You can get the same result by tricking the translation service into an English-to-English translation:
   http://translate.google.com/translate   (main URL)
   ?u=http://www.defcon.org&langpair=en|en   (options)
Intuitive Google Searches
Default Web Pages
Windows-based default server
 intitle:"Welcome to Windows 2000 Internet Services"
Windows-based default server
 intitle:"Under construction" "does not currently have"
Windows NT 4.0
 intitle:"Welcome to IIS 4.0"
OpenBSD/Apache (scalp=)
 "powered by Apache" "powered by openbsd"
Apache 1.2.6
 intitle:"Test Page for Apache" "It Worked!"
Apache 1.3.0 – 1.3.9
 intitle:"Test Page for Apache" "It worked!" "this web site!"
Apache 1.3.11 - 1.3.26
 "seeing this instead" intitle:"Test Page for Apache"
Apache 2.0
 intitle:"Simple page for Apache" "Apache Hook Functions"
Apache Version Info
    Apache Version   Number of Servers
    1.3.6            119,000.00
    1.3.3            151,000.00
    1.3.14           159,000.00
    1.3.24           171,000.00
    1.3.9            203,000.00
    2.0.39           256,000.00
    1.3.23           259,000.00
    1.3.19           260,000.00
    1.3.12           300,000.00
    1.3.20           353,000.00
    1.3.22           495,000.00
    1.3.26           896,000.00

 Google told us all this. We'll discuss how in the next section.
Intuitive Searches
Directory Listings
Directory Listings
 - Directory listings are often misconfigurations in the web server.

 - A directory listing shows a list of files in a directory as opposed to presenting a web page.

 - Directory listings can provide very useful information.
Directory Example
 intitle:"Index of"

 This query serves as the basis for all directory searches…
Directory Info Gathering
 Some servers, like Apache, generate a server version tag.
Esoteric Apache Versioning
 [Chart: "Esoteric Apache Versions found on Google", query: intitle:"Index of" "Apache/[ver] Server at". Y axis: Number of Servers; X axis: Apache Version.]
Common Apache Versioning
 [Chart: "Common Apache Versions found on Google", query: intitle:"Index of" "Apache/[ver] Server at". Y axis: Number of Servers; X axis: Apache Server Version.]
Intuitive Searches


Finding Files
test-cgi
 intitle:"Index of" test-cgi
ws_ftp.log
 intitle:"Index of" ws_ftp.log
Secring.pgp
 intitle:"Index of" secring.pgp
config.php
 intitle:"Index of" config.php
administrators.pwd
 intitle:"Index of" administrators.pwd
ws_ftp.ini
 intitle:"Index of" ws_ftp.ini

 Tip: Go to http://www.hispasec.com/directorio/laboratorio/Software/ws_ftp.html
.htpasswd
 intitle:"Index of" .htpasswd
/etc/shadow
 intitle:"Index of" etc shadow
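Added example, not from the original slides: a check to run over pages fetched from your own server, reporting whether a page would match the directory-listing and version-tag queries above and whether it lists any of the file names from the Finding Files slides. The HTML samples are constructed, the function and class names are hypothetical, and the file-name set is taken from the slide titles in this section.

```python
import re
from html.parser import HTMLParser

# File names taken from the "Finding Files" slide titles.
SENSITIVE_NAMES = {
    "test-cgi", "ws_ftp.log", "ws_ftp.ini", "secring.pgp",
    "config.php", "administrators.pwd", ".htpasswd", "shadow",
}

# Footer that Apache adds to generated pages when the signature is enabled,
# e.g. "Apache/1.3.26 Server at www.example.com Port 80".
SERVER_TAG_RE = re.compile(r"Apache/(?P<ver>\S+)[^<]*? Server at \S+ Port \d+")


class _ListingParser(HTMLParser):
    """Collects the <title> text and every <a href> value."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self.title = ""
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def audit_page(html: str) -> dict:
    """Report what a search-engine index would learn from this page."""
    parser = _ListingParser()
    parser.feed(html)
    listing = parser.title.strip().lower().startswith("index of")
    tag = SERVER_TAG_RE.search(html)
    sensitive = []
    if listing:
        for href in parser.hrefs:
            name = href.rstrip("/").rsplit("/", 1)[-1].lower()
            if name in SENSITIVE_NAMES:
                sensitive.append(name)
    return {
        "listing": listing,                        # fix: Options -Indexes
        "apache_version": tag["ver"] if tag else None,  # fix: ServerSignature Off
        "sensitive": sensitive,                    # fix: move out of the web root
    }


# Constructed sample: an auto-generated listing with a version footer.
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><pre>
<a href="/">Parent Directory</a>
<a href="notes.txt">notes.txt</a>
<a href="ws_ftp.log">ws_ftp.log</a>
<a href=".htpasswd">.htpasswd</a>
</pre><hr><address>Apache/1.3.26 Server at www.example.com Port 80</address>
</body></html>"""

# Constructed sample: an ordinary page with no listing and no signature.
SAMPLE_CLEAN = "<html><head><title>Welcome</title></head><body><p>Hello</p></body></html>"

if __name__ == "__main__":
    print(audit_page(SAMPLE_LISTING))
    print(audit_page(SAMPLE_CLEAN))
```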
Advanced
Techniques

Googlescan
Googlescan

 - With a known set of file-based web vulnerabilities, a vulnerability scanner based on search engines is certainly a reality.
Googlescan
 Armed with a list of cgi exploits from any common CGI scanner…

 …
 /scancfg.cgi
 /cgi-bin/CrazyWWWBoard.cgi
 /cgi-bin/pals-cgi
 /ROADS/cgi-bin/search.pl
 /way-board/way-board.cgi
 /cgi-bin/replicator/webpage.cgi
 /cgi-bin/auktion.pl
 /cgi-bin/webspirs.cgi
 /cgi-bin/ipf/etc/gfw/ui/pwd.dat
 /cgi-bin/hsx.cgi
 /cgi-bin/mailnews.cgi
 /cgi-bin/adcycle
 /cgi-bin/post-query
 /cgi-bin/ikonboard/help.cgi
 /cgi-bin/webspirs.cgi
 …
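Googlescan.sh
 # Start from a clean results file.
 rm -f temp

 # Build one "file|query URL" line per entry in vuln_files, using the last
 # path component as the search term.
 awk -F"/" '{print $NF"|http://www.google.com/search?q=intitle%3A%22Index+of%22+"$NF}' vuln_files > queries

 for query in `cat queries`
 do
       echo -n $query"|" >> temp
       echo $query | awk -F"|" '{print $2}'
       # Fetch the results page and keep only the "of about N" hit count.
       lynx -source `echo $query | awk -F"|" '{print $2}'` |
       grep "of about"                                     |
       awk -F "of about" '{print $2}'                      |
       awk -F"." '{print $1}'                              |
       tr -d "</b>[:cntrl:] "                             >> temp
       echo " "                                           >> temp
 done

 # Turn each "file|URL|hits" line into an HTML link.
 cat temp |
    awk -F"|" '{print "<A HREF=\"" $2 "\">" $1 " (" $3 "hits)</A><BR><BR>"}' |
    grep -v "(1,770,000" > report.html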
Googlescan.sh

 - A simple shell script presents an HTML-formatted list of potentially vulnerable or interesting web servers.
Googlescan.sh output
Niktoogle.exe output
http://johnny.ihackstuff.com/googledorks.shtml
Advanced
Techniques

Rise of the Robots
Rise of the Robots

 - Michal Zalewski wrote a great article for Phrack (57/10) which presented the idea of the use of autonomous search robots in server exploitation.
Rise of the Robots

      “Consider a remote exploit that is able to
     compromise a remote system without
     sending any attack code to his victim.
     Consider an exploit which simply creates
     local file to compromise thousands of
     computers, and which does not involve any
     local resources in the attack. Welcome to
     the world of zero-effort exploit techniques.
     Welcome to the world of automation,
     welcome to the world of anonymous,
     dramatically difficult to stop attacks
     resulting from increasing Internet
     complexity.” –Michal Zalewski
The Concept
 - Web robots crawl a web page, indexing the files they are allowed to find.

 - Any links that are found on the indexed pages are followed as well.

 - Instead of standard web links, create a payload of "exploit" links for the crawlers to consume.
Simple Example
 Michal presents the following example links on his indexed web page:

 - http://somehost/cgi-bin/script.pl?p1=../../../../attack
 - http://somehost/cgi-bin/script.pl?p1=;attack
 - http://somehost/cgi-bin/script.pl?p1=|attack
 - http://somehost/cgi-bin/script.pl?p1=`attack`
 - http://somehost/cgi-bin/script.pl?p1=$(attack)
 - http://somehost:54321/attack?`id`
 - http://somehost/AAAAAAAAAAAAAAAAAAAAA...
Simple Example

 - The robots followed all the links as written, including connecting to non-http ports.

 - The robots followed the "attack links," performing the attack completely unaware.
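Added example, not from the slides or from Zalewski's article: a defender-side check that scans access-log lines for the link shapes listed above and marks which requests arrived with a crawler's user agent. The log lines are constructed, and the crawler token list, the length threshold and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Apache "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

CRAWLER_TOKENS = ("googlebot", "slurp", "crawler", "spider")  # assumed list
MAX_TARGET_LEN = 512                                          # assumed threshold


def _decode(value, rounds=2):
    """Percent-decode up to `rounds` times so %7C and %257C both become '|'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_target(target):
    """Return the reasons a request target resembles the links on the slide."""
    raw_path, _, raw_query = target.partition("?")
    path, query = _decode(raw_path), _decode(raw_query)
    reasons = []
    if "../" in path or "../" in query:
        reasons.append("path traversal")
    # ';' is also a legitimate parameter separator in some applications;
    # treat this as a lead to review, not as proof.
    if re.search(r"[;|]", query):
        reasons.append("command separator")
    if "`" in query or "$(" in query:
        reasons.append("command substitution")
    if len(target) > MAX_TARGET_LEN:
        reasons.append("oversized request target")
    return reasons


def scan(lines):
    """Flag suspicious requests; via_crawler marks those a robot delivered,
    where the client address is the crawler's and not the link author's."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_target(m["target"])
        if reasons:
            agent = m["agent"].lower()
            findings.append({
                "ip": m["ip"],
                "target": m["target"][:80],
                "reasons": reasons,
                "via_crawler": any(tok in agent for tok in CRAWLER_TOKENS),
            })
    return findings


_BOT = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
# Constructed log lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    f'192.0.2.10 - - [08/Aug/2003:10:00:01 +0200] "GET /index.html HTTP/1.0" 200 5120 "-" "{_BOT}"',
    f'192.0.2.10 - - [08/Aug/2003:10:00:02 +0200] "GET /cgi-bin/script.pl?p1=../../../../attack HTTP/1.0" 404 210 "-" "{_BOT}"',
    '192.0.2.11 - - [08/Aug/2003:10:00:03 +0200] "GET /cgi-bin/script.pl?p1=%7Cattack HTTP/1.0" 404 210 "-" "ExampleCrawler/1.0"',
    '198.51.100.7 - - [08/Aug/2003:10:00:04 +0200] "GET /cgi-bin/script.pl?p1=$(attack) HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    f'192.0.2.10 - - [08/Aug/2003:10:00:05 +0200] "GET /{"A" * 600} HTTP/1.0" 414 0 "-" "{_BOT}"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Blocking the client address of a via_crawler hit only blocks the search engine; the useful follow-up is finding the page that published the link.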
Think Big
 - Michal goes on to postulate that randomly generated, massive lists would cause much more of a problem.

 - A simple Perl or CGI script randomly generating attack links in the thousands and tens of thousands would create a huge problem!

 - Who would be liable?
Google doesn't stop
 - Tomorrow there will be even more sophisticated features… try this:

 - http://labs1.google.com/cgi-bin/gviewer.cgi?q=intitle%3Aindex.of.private&delay=8&start=0

 - http://labs.google.com/sets?hl=en&q1=password&passwd&q3=shadow&q4=etc&q5=&btn=Large+Set
Prevention

Locking it down
Advice

 - Google says it isn't Google's fault.
 - Google is very happy to remove references. See http://www.google.com/remove.html.
 - Follow the webmaster's advice found at http://www.google.com/webmasters/
 - Get smarter.
/misc: "Google Hacks"
 - There is this book.
 - And it's an O'REILLY book.
 - But it's not about hacking.
 - It's about searching.
Google Hotspots
 - Google APIs: http://www.google.com/apis/
 - Google voice search: http://labs.google.com/gvs.html
 - Google sets: http://labs.google.com/sets
 - Google catalog search: http://catalogs.google.com/
 - Google news search: http://news.google.com
 - Google weblog: http://google.blogspace.com/
EOF

 - Watch googleDorks.
 - Questions?

Phishing-Updated
 
Sample exam information_security_foundation_latin_american_spanish
Sample exam information_security_foundation_latin_american_spanishSample exam information_security_foundation_latin_american_spanish
Sample exam information_security_foundation_latin_american_spanish
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
 
Google Dorks
Google DorksGoogle Dorks
Google Dorks
 
Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
Circular Economy - And Open Source + Hacking As Paths To It
Circular Economy - And Open Source + Hacking As Paths To It Circular Economy - And Open Source + Hacking As Paths To It
Circular Economy - And Open Source + Hacking As Paths To It
 
Dangerous google dorks
Dangerous google dorksDangerous google dorks
Dangerous google dorks
 
Google Hacking Basics
Google Hacking BasicsGoogle Hacking Basics
Google Hacking Basics
 
How To Be A Hacker
How To Be A HackerHow To Be A Hacker
How To Be A Hacker
 
Hacking For Innovation Delhi
Hacking For Innovation DelhiHacking For Innovation Delhi
Hacking For Innovation Delhi
 
Athens Bullseye Meetup #1
Athens Bullseye Meetup #1Athens Bullseye Meetup #1
Athens Bullseye Meetup #1
 
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
 
Hacking For Innovation
Hacking For InnovationHacking For Innovation
Hacking For Innovation
 
Offensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonOffensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with Python
 
Google Dorks and SQL Injection
Google Dorks and SQL InjectionGoogle Dorks and SQL Injection
Google Dorks and SQL Injection
 

Semelhante a First Improvised Security Conference Google Search

Web searching
Web searchingWeb searching
Web searchingITOCA
 
Tips on Searching for files on the Internet
Tips on Searching for files on the InternetTips on Searching for files on the Internet
Tips on Searching for files on the InternetWebmaster
 
Internet Searching
Internet SearchingInternet Searching
Internet SearchingWebmaster
 
Google and google scholar
Google and google scholarGoogle and google scholar
Google and google scholarJoelle Pitts
 
Google and google scholar
Google and google scholarGoogle and google scholar
Google and google scholarJoelle Pitts
 
Wk5 contextualized onlinesearchandresearchskills
Wk5 contextualized onlinesearchandresearchskillsWk5 contextualized onlinesearchandresearchskills
Wk5 contextualized onlinesearchandresearchskillsResty Aldana
 
Google and Beyond
Google and BeyondGoogle and Beyond
Google and Beyondemaslyukova
 
Google and Google Scholar
Google and Google ScholarGoogle and Google Scholar
Google and Google Scholarjopitts
 
Google and Google Scholar
Google and Google ScholarGoogle and Google Scholar
Google and Google Scholarjopitts
 
Unit3advgoogle
Unit3advgoogleUnit3advgoogle
Unit3advgooglecdelson
 
Google search techniques
Google search techniquesGoogle search techniques
Google search techniquesNirav Ranpara
 
Google Search: Features and Capabilities
Google Search: Features and CapabilitiesGoogle Search: Features and Capabilities
Google Search: Features and CapabilitiesCRRC-Armenia
 
Google guide by Company Chargers blog
Google guide by Company Chargers blogGoogle guide by Company Chargers blog
Google guide by Company Chargers blogsom sek
 
Extreme Googling: Tips & Tricks For Expert Searching
Extreme Googling: Tips & Tricks For Expert SearchingExtreme Googling: Tips & Tricks For Expert Searching
Extreme Googling: Tips & Tricks For Expert SearchingMartha Hardy
 
Cheatsheet: Google Search
Cheatsheet: Google SearchCheatsheet: Google Search
Cheatsheet: Google SearchKasper de Waard
 

Semelhante a First Improvised Security Conference Google Search (20)

Web searching
Web searchingWeb searching
Web searching
 
Tips on Searching for files on the Internet
Tips on Searching for files on the InternetTips on Searching for files on the Internet
Tips on Searching for files on the Internet
 
Internet Searching
Internet SearchingInternet Searching
Internet Searching
 
Google and google scholar
Google and google scholarGoogle and google scholar
Google and google scholar
 
Google and google scholar
Google and google scholarGoogle and google scholar
Google and google scholar
 
Wk5 contextualized onlinesearchandresearchskills
Wk5 contextualized onlinesearchandresearchskillsWk5 contextualized onlinesearchandresearchskills
Wk5 contextualized onlinesearchandresearchskills
 
Google and Beyond
Google and BeyondGoogle and Beyond
Google and Beyond
 
Google and Google Scholar
Google and Google ScholarGoogle and Google Scholar
Google and Google Scholar
 
Google and Google Scholar
Google and Google ScholarGoogle and Google Scholar
Google and Google Scholar
 
Unit3advgoogle
Unit3advgoogleUnit3advgoogle
Unit3advgoogle
 
Google power search
Google power searchGoogle power search
Google power search
 
Google search techniques
Google search techniquesGoogle search techniques
Google search techniques
 
Advanced google
Advanced googleAdvanced google
Advanced google
 
Google Search: Features and Capabilities
Google Search: Features and CapabilitiesGoogle Search: Features and Capabilities
Google Search: Features and Capabilities
 
Google guide by Company Chargers blog
Google guide by Company Chargers blogGoogle guide by Company Chargers blog
Google guide by Company Chargers blog
 
Pdfsamplefile-aacb4
Pdfsamplefile-aacb4Pdfsamplefile-aacb4
Pdfsamplefile-aacb4
 
Pdfsamplefile
PdfsamplefilePdfsamplefile
Pdfsamplefile
 
Extreme Googling: Tips & Tricks For Expert Searching
Extreme Googling: Tips & Tricks For Expert SearchingExtreme Googling: Tips & Tricks For Expert Searching
Extreme Googling: Tips & Tricks For Expert Searching
 
Cheatsheet: Google Search
Cheatsheet: Google SearchCheatsheet: Google Search
Cheatsheet: Google Search
 
Google Search Cheat Sheet
Google Search Cheat SheetGoogle Search Cheat Sheet
Google Search Cheat Sheet
 

Mais de Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

Mais de Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 
Cisco Equipment Security
Cisco Equipment SecurityCisco Equipment Security
Cisco Equipment Security
 

Último

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Último (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

First Improvised Security Conference Google Search

  • 1. First Improvised Security Testing Conference
       Madrid, 8th August 2003
       Advanced Google Searching: Google as a hacking tool
       Author: Johnny Long, johnny@ihackstuff.com, http://johnny.ihackstuff.com
       Speaker: Vicente Aceituno
  • 2. Why Google?
       - Google caches all crawled web pages
       - Google provides instant response
       - Google provides document translations
       - Google provides language translation
       - Google provides web, news, catalog and ftp searches
       - Google is cool
  • 3. Index
       - Google Searching
       - Default Web pages
       - Directory listings
       - Finding files
       - Googlescan tools
       - Rise of the Robots
       - Prevention
  • 4. Google Searching
       - Google provides a great deal of information about using its search engine to its fullest capacity.
       - The following tables are copied verbatim from Google's usage documents.
  • 5. Basic Searching
       Special Query Capability: Include Query Term
       Example Query: Star Wars Episode +I
       Description: If a common word is essential to getting the results you want, you can include it by putting a "+" sign in front of it.

       Special Query Capability: Exclude Query Term
       Example Query: bass -music
       Description: You can exclude a word from your search by putting a minus sign ("-") immediately in front of the term you want to exclude from the search results.

       Special Query Capability: Phrase Search
       Example Query: "yellow pages"
       Description: Search for complete phrases by enclosing them in quotation marks or connecting them with hyphens. Words marked in this way will appear together in all results exactly as entered. Note: You may need to use a "+" to force inclusion of common words in a phrase.

       Special Query Capability: Boolean OR Search
       Example Query: vacation london OR paris
       Description: Google search supports the Boolean "OR" operator. To retrieve pages that include either word A or word B, use an uppercase OR between terms.
  • 6. Filtering/Exclusion
       Special Query Capability: File Type Filtering
       Example Query: Google filetype:doc OR filetype:pdf
       Description: The query prefix "filetype:" filters the results returned to include only documents with the extension specified immediately after. Note there can be no space between "filetype:" and the specified extension. Note: Multiple file types can be included in a filtered search by adding more "filetype:" terms to the search query.

       Special Query Capability: File Type Exclusion
       Example Query: Google -filetype:doc -filetype:pdf
       Description: The query prefix "-filetype:" filters the results to exclude documents with the extension specified immediately after. Note there can be no space between "-filetype:" and the specified extension. Note: Multiple file types can be excluded in a filtered search by adding more "-filetype:" terms to the search query.
  • 7. Filtering site/date
       Special Query Capability: Site Restricted Search
       Example Query: admission site:www.stanford.edu
       Description: If you know the specific web site you want to search but aren't sure where the information is located within that site, you can use Google to search only within a specific web site. Do this by entering your query followed by the string "site:" followed by the host name. Note: The exclusion operator ("-") can be applied to this query term to remove a web site from consideration in the search. Note: Only one site: term per query is supported.

       Special Query Capability: Date Restricted Search
       Example Query: Star Wars daterange:2452122-2452234
       Description: If you want to limit your results to documents that were published within a specific date range, then you can use the "daterange:" query term to accomplish this. The "daterange:" query term must be in the following format:
         daterange:<start_date>-<end_date>
       where <start_date> = Julian date indicating the start of the date range and <end_date> = Julian date indicating the end of the date range. The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122.
  • 8. Title searching
       Special Query Capability: Title Search (term)
       Example Query: intitle:Google search
       Description: If you prepend "intitle:" to a query term, Google search restricts the results to documents containing that word in the title. Note there can be no space between the "intitle:" and the following word. Note: Putting "intitle:" in front of every word in your query is equivalent to putting "allintitle:" at the front of your query.

       Special Query Capability: Title Search (all)
       Example Query: allintitle: Google search
       Description: Starting a query with the term "allintitle:" restricts the results to those with all of the query words in the title.
  • 9. URL Searches
       Special Query Capability: URL Search (term)
       Example Query: inurl:Google search
       Description: If you prepend "inurl:" to a query term, Google search restricts the results to documents containing that word in the result URL. Note there can be no space between the "inurl:" and the following word. Note: "inurl:" works only on words, not URL components. In particular, it ignores punctuation and uses only the first word following the "inurl:" operator. To find multiple words in a result URL, use the "inurl:" operator for each word. Note: Putting "inurl:" in front of every word in your query is equivalent to putting "allinurl:" at the front of your query.

       Special Query Capability: URL Search (all)
       Example Query: allinurl: Google search
       Description: Starting a query with the term "allinurl:" restricts the results to those with all of the query words in the result URL. Note: "allinurl:" works only on words, not URL components. In particular, it ignores punctuation. Thus, "allinurl: foo/bar" restricts the results to pages with the words "foo" and "bar" in the URL, but does not require that they be separated by a slash within that URL, that they be adjacent, or that they be in that particular word order. There is currently no way to enforce these constraints.
  • 10. Text/Link Searching
       Special Query Capability: Text Only Search (all)
       Example Query: allintext: Google search
       Description: Starting a query with the term "allintext:" restricts the results to those with all of the query words in only the body text, ignoring link, URL, and title matches.

       Special Query Capability: Links Only Search (all)
       Example Query: allinlinks: Google search
       Description: Starting a query with the term "allinlinks:" restricts the results to those with all of the query words in the URL links on the page.
  • 11. Link Searches
       Special Query Capability: Back Links
       Example Query: link:www.google.com
       Description: The query prefix "link:" lists web pages that have links to the specified web page. Note there can be no space between "link:" and the web page URL. Note: No other query terms can be specified when using this special query term.

       Special Query Capability: Related Links
       Example Query: related:www.google.com
       Description: The query prefix "related:" lists web pages that are similar to the specified web page. Note there can be no space between "link:" and the web page URL. Note: No other query terms can be specified when using this special query term.
  • 12. Translation service Google offers a very nice language translation service.
  • 13. Tricks
       - When www.google.com is not available, try www2.google.com or www3.google.com.
       - Reading a page from Google's cache can keep filters from knowing which page you are viewing.
       - You can get the same result by tricking the translation service into an English-to-English translation:
         http://translate.google.com/translate (main URL)
         ?u=http://www.defcon.org&langpair=en|en (options)
  • 15. Windows-based default server
       intitle:"Welcome to Windows 2000 Internet Services"
  • 16. Windows-based default server
       intitle:"Under construction" "does not currently have"
  • 17. Windows NT 4.0
       intitle:"Welcome to IIS 4.0"
  • 18. OpenBSD/Apache (scalp=)
       "powered by Apache" "powered by openbsd"
  • 19. Apache 1.2.6
       intitle:"Test Page for Apache" "It Worked!"
  • 20. Apache 1.3.0 – 1.3.9
       intitle:"Test Page for Apache" "It worked!" "this web site!"
  • 21. Apache 1.3.11 - 1.3.26
       "seeing this instead" intitle:"Test Page for Apache"
  • 22. Apache 2.0
       intitle:"Simple page for Apache" "Apache Hook Functions"
  • 23. Apache Version Info
       Apache Version    Number of Servers
       1.3.6             119,000.00
       1.3.3             151,000.00
       1.3.14            159,000.00
       1.3.24            171,000.00
       1.3.9             203,000.00
       2.0.39            256,000.00
       1.3.23            259,000.00
       1.3.19            260,000.00
       1.3.12            300,000.00
       1.3.20            353,000.00
       1.3.22            495,000.00
       1.3.26            896,000.00
       Google told us all this. We'll discuss how in the next section.
  • 25. Directory Listings
       - Directory listings are often misconfigurations in the web server.
       - A directory listing shows a list of files in a directory as opposed to presenting a web page.
       - Directory listings can provide very useful information.
  • 26. Directory Example
       intitle:"Index of"
       This query serves as the basis for all directory searches…
  • 27. Directory Info Gathering Some servers, like Apache, generate a server version tag.
  • 28. Esoteric Apache Versioning
       [Bar chart: Esoteric Apache Versions found on Google, query: intitle:"Index of" "Apache/[ver] Server at". Vertical axis: Number of Servers. Horizontal axis: Apache Version (1.3.26+interserver, 1.3.xx, 1.3.4-dev, 1.3.7-dev, 2.0.40-dev, 1.3.15-dev, 1.3.21-dev, 1.3.23-dev, 1.3.24-dev, 2.0.37-dev, 1.3.17-HOF, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.3.4, 1.3.11, 1.3.17, 2.0.16, 2.0.18, 2.0.28, 2.0.32, 2.0.35, 2.0.36, 1.3b6).]
  • 29. Common Apache Versioning
       [Bar chart: Common Apache Versions found on Google, query: intitle:"Index of" "Apache/[ver] Server at". Vertical axis: Number of Servers. Horizontal axis: Apache Server Version (1.3.12, 1.3.14, 1.3.19, 1.3.20, 1.3.22, 1.3.23, 1.3.24, 1.3.26, 2.0.39, 1.3.3, 1.3.6, 1.3.9).]
  • 31. test-cgi
       intitle:"Index of" test-cgi
  • 32. ws_ftp.log
       intitle:"Index of" ws_ftp.log
  • 33. Secring.pgp
       intitle:"Index of" secring.php
  • 34. config.php
       intitle:"Index of" config.php
  • 35. administrators.pwd
       intitle:"Index of" administrators.pwd
  • 36. ws_ftp.ini
       intitle:"Index of" ws_ftp.ini
       Tip: Go to http://www.hispasec.com/directorio/laboratorio/Software/ws_ftp.html
  • 37. .htpasswd
       intitle:"Index of" .htpasswd
  • 38. .htpasswd
       intitle:"Index of" .htpasswd
  • 39. /etc/shadow
       intitle:"Index of" etc shadow
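
Seen from the server owner's side, the default-page titles, "Index of" listings, version footers and file names in the slides above are also a checklist for auditing your own hosts. The sketch below is an added example, not part of the original slides: it classifies response bodies you have already captured from servers you operate, and the function names and sample pages are constructed for illustration.

```python
"""Audit captured response bodies from your own web servers for the
exposures the slides search for. All names and sample pages are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# (title fragment, required body fragments), taken from the slides' queries.
DEFAULT_PAGES = [
    ("welcome to windows 2000 internet services", ()),
    ("under construction", ("does not currently have",)),
    ("welcome to iis 4.0", ()),
    ("test page for apache", ()),
    ("simple page for apache", ("apache hook functions",)),
]
# File names the slides look for inside directory listings.
SENSITIVE_NAMES = {
    "test-cgi", "ws_ftp.log", "ws_ftp.ini", "secring.pgp", "config.php",
    "administrators.pwd", ".htpasswd", "shadow",
}
# Footer of the form "Apache/[ver] Server at", with an optional "(OS)" part.
VERSION_BANNER = re.compile(r"Apache/([^\s<(]+)(?: \([^)]*\))? Server at")


class _PageParser(HTMLParser):
    """Collects the <title> text, link targets and visible body text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.title, self.hrefs, self.text = "", [], []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        else:
            self.text.append(data)


def audit_page(html):
    """Return a list of finding labels for one response body."""
    parser = _PageParser()
    parser.feed(html)
    parser.close()
    title = " ".join(parser.title.split()).lower()
    body = " ".join(" ".join(parser.text).split())
    findings = []
    if title.startswith("index of"):
        findings.append("directory-listing")
        # Last path component of every link in the listing.
        names = {unquote(h).rstrip("/").rsplit("/", 1)[-1].lower()
                 for h in parser.hrefs}
        findings += ["sensitive-file:" + n for n in sorted(names & SENSITIVE_NAMES)]
    for fragment, body_fragments in DEFAULT_PAGES:
        if fragment in title and all(b in body.lower() for b in body_fragments):
            findings.append("default-page:" + fragment)
    banner = VERSION_BANNER.search(body)
    if banner:
        findings.append("version-banner:" + banner.group(1))
    return findings


def audit_site(pages):
    """pages maps URL -> body; returns only the URLs that have findings."""
    report = {url: audit_page(body) for url, body in pages.items()}
    return {url: found for url, found in report.items() if found}


# Constructed sample responses (not captured from any real host).
LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><pre><a href="?C=N;O=D">Name</a>
<a href="/">Parent Directory</a>
<a href=".htpasswd">.htpasswd</a>
<a href="config.php">config.php</a>
<a href="notes.txt">notes.txt</a></pre>
<address>Apache/1.3.26 Server at www.example.com Port 80</address></body></html>"""
IIS_DEFAULT = """<html><head><title>Under Construction</title></head><body>
The site you were trying to reach does not currently have a default page.
</body></html>"""
ORDINARY = """<html><head><title>Under construction</title></head>
<body>Our new shop opens next month.</body></html>"""

if __name__ == "__main__":
    samples = {"/backup/": LISTING, "/": IIS_DEFAULT, "/shop/": ORDINARY}
    for url, found in audit_site(samples).items():
        print(url, found)
```

On Apache, the listing is switched off with `Options -Indexes` and the version footer with `ServerSignature Off`.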
  • 41. Googlescan  With a known set of file-based web vulnerabilities, a vulnerability scanner based on search engines is certainly a reality.
  • 42. Googlescan Armed with a list of cgi exploits from any common CGI scanner… … /scancfg.cgi /cgi-bin/CrazyWWWBoard.cgi /cgi-bin/pals-cgi /ROADS/cgi-bin/search.pl /way-board/way-board.cgi /cgi-bin/replicator/webpage.cgi /cgi-bin/auktion.pl /cgi-bin/webspirs.cgi /cgi-bin/ipf/etc/gfw/ui/pwd.dat /cgi-bin/hsx.cgi /cgi-bin/mailnews.cgi /cgi-bin/adcycle /cgi-bin/post-query /cgi-bin/ikonboard/help.cgi /cgi-bin/webspirs.cgi …
  • 43. Googlescan.sh
      rm temp
      # One "file|query URL" line per entry in vuln_files
      awk -F"/" '{print $NF"|http://www.google.com/search?q=intitle%3A%22Index+of%22+"$NF}' vuln_files > queries
      for query in `cat queries`
      do
        echo -n $query"|" >> temp
        echo $query | awk -F"|" '{print $2}'
        # Extract the "of about N" result count from the results page
        lynx -source `echo $query | awk -F"|" '{print $2}'` | grep "of about" | awk -F "of about" '{print $2}' | awk -F"." '{print $1}' | tr -d "</b>[:cntrl:] " >> temp
        echo " " >> temp
      done
      # Write the HTML report: one link per query with its hit count
      cat temp | awk -F"|" '{print "<A HREF=\"" $2 "\">" $1 " (" $3 "hits) </A><BR><BR>"}' | grep -v "(1,770,000" > report.html
  • 44. Googlescan.sh  A simple shell script presents an HTML-formatted list of potentially vulnerable or interesting web servers.
  • 49. Rise of the Robots  Michal Zalewski wrote a great article for Phrack (57/10) which presented the idea of the use of autonomous search robots in server exploitation
  • 50. Rise of the Robots “Consider a remote exploit that is able to compromise a remote system without sending any attack code to his victim. Consider an exploit which simply creates local file to compromise thousands of computers, and which does not involve any local resources in the attack. Welcome to the world of zero-effort exploit techniques. Welcome to the world of automation, welcome to the world of anonymous, dramatically difficult to stop attacks resulting from increasing Internet complexity.” –Michal Zalewski
  • 51. The Concept  Web robots crawl web pages, indexing the files they are allowed to find.  Any links that are found on the indexed pages are followed as well.  Instead of standard web links, create a payload of “exploit” links for the crawlers to consume.
  • 52. Simple Example Michal presents the following example links on his indexed web page: http://somehost/cgi-bin/script.pl?p1=../../../../attack http://somehost/cgi-bin/script.pl?p1=;attack http://somehost/cgi-bin/script.pl?p1=|attack http://somehost/cgi-bin/script.pl?p1=`attack` http://somehost/cgi-bin/script.pl?p1=$(attack) http://somehost:54321/attack?`id` http://somehost/AAAAAAAAAAAAAAAAAAAAA...
  • 53. Simple Example  The robots followed all the links as written, including connecting to non-http ports.  The robots followed the “attack links,” performing the attack completely unaware.
  • 54. Think Big  Michal goes on to postulate that randomly generated, massive lists would cause much more of a problem.  A simple Perl or CGI script randomly generating attack links in the thousands and tens of thousands would create a huge problem!  Who would be liable?
  • 55. Google doesn’t stop  Tomorrow there will be even more sophisticated features…try this:  http://labs1.google.com/cgi-bin/gviewer.cgi?q=intitle%3Aindex.of.private&delay=8&start=0  http://labs.google.com/sets?hl=en&q1=password&passwd&q3=shadow&q4=etc&q5=&btn=Large+Set
  • 57. Advice  Google says it isn’t Google’s fault.  Google is very happy to remove references. See http://www.google.com/remove.html.  Follow the webmaster’s advice found at http://www.google.com/webmasters/  Get smarter.
  • 58. /misc: “Google Hacks” There is this book. And it’s an O’REILLY book. But it’s not about hacking. It’s about searching.
  • 59. Google Hotspots  Google APIs: http://www.google.com/apis/  Google voice search: http://labs.google.com/gvs.html  Google sets: http://labs.google.com/sets  Google catalog search: http://catalogs.google.com/  Google news search: http://news.google.com  Google weblog: http://google.blogspace.com/
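
For the directory-listing slides (25 to 39), an added example that is not part of the original deck: a check you can run over pages fetched from a server you operate, reporting whether a response is an auto-generated listing, whether it leaks the Apache version tag, and which of the file names from the slides it exposes. The function and class names and the sample page are assumptions made for the example.

```python
import re
from html.parser import HTMLParser

# File names the slides look for inside listings (slides 31-39).
SENSITIVE = {"test-cgi", "ws_ftp.log", "ws_ftp.ini", "secring.pgp", "config.php",
             "administrators.pwd", ".htpasswd", "shadow"}
# Footer tag Apache adds to generated pages (slide 27), with optional "(OS)" part.
BANNER = re.compile(r"Apache/([\w.+-]+)(?: \([^)]*\))? Server at")


class ListingParser(HTMLParser):
    """Collects the <title> text and every <a href> of one HTML page."""

    def __init__(self):
        super().__init__()
        self.in_title, self.title, self.links = False, "", []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        elif tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

    def handle_endtag(self, tag):
        self.in_title = self.in_title and tag != "title"

    def handle_data(self, data):
        if self.in_title:
            self.title += data


def audit(body):
    """Return findings for one response body fetched from a server you operate."""
    page = ListingParser()
    page.feed(body)
    listing = page.title.strip().lower().startswith("index of")
    banner = BANNER.search(body)
    names = {link.rstrip("/").rsplit("/", 1)[-1] for link in page.links}
    return {"listing": listing,
            "version": banner.group(1) if banner else None,
            "sensitive": sorted(names & SENSITIVE) if listing else []}


# Constructed sample of an Apache-style autoindex page (not from a real host).
SAMPLE = """<html><head><title>Index of /backup</title></head><body><pre>
<a href="../">Parent Directory</a> <a href=".htpasswd">.htpasswd</a>
<a href="config.php">config.php</a> <a href="notes.txt">notes.txt</a></pre>
<address>Apache/1.3.26 Server at www.example.com Port 80</address></body></html>"""
print(audit(SAMPLE))
```

On Apache, a positive `listing` result is removed with `Options -Indexes` and the version footer with `ServerSignature Off`.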
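
For the Rise of the Robots slides (49 to 54), an added detection example that is not part of the original deck: because the requests arrive from a legitimate crawler, the check keys on the shape of the request (the link forms shown on slide 52) rather than on the source address. The log lines are constructed, and `ExampleBot`, the function names and the 256-character path threshold are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Apache combined log format: ip, ident, user, [time], "request", status, bytes, "referer", "agent".
LOG = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
                 r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')
# Shapes of the slide-52 example links, checked after URL-decoding the query string.
SUSPICIOUS = {
    "traversal": re.compile(r"\.\./"),
    "shell-meta": re.compile(r"[;|`]"),
    "cmd-subst": re.compile(r"\$\("),
}
CRAWLER = re.compile(r"bot|crawler|spider", re.I)
MAX_PATH = 256  # assumed threshold for the oversized-path link


def classify(line):
    """Return (ip, is_crawler, reasons) for one log line, or None if it does not parse."""
    m = LOG.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    query = unquote(parts.query)
    reasons = [name for name, rx in SUSPICIOUS.items() if rx.search(query)]
    if len(parts.path) > MAX_PATH:
        reasons.append("long-path")
    return m["ip"], bool(CRAWLER.search(m["agent"])), reasons


def crawler_delivered(lines):
    """Requests with an attack shape whose client identifies itself as a robot."""
    parsed = (classify(line) for line in lines)
    return [(ip, reasons) for ip, is_bot, reasons in filter(None, parsed) if is_bot and reasons]


# Constructed log lines (documentation addresses, hypothetical ExampleBot agent).
BOT = '"-" "ExampleBot/1.0 (crawler)"'
LONG = "A" * 300
LINES = [
    f'192.0.2.10 - - [08/Aug/2003:10:00:00 +0200] "GET /index.html HTTP/1.0" 200 512 {BOT}',
    f'192.0.2.10 - - [08/Aug/2003:10:00:05 +0200] "GET /cgi-bin/script.pl?p1=../../../../attack HTTP/1.0" 200 0 {BOT}',
    f'192.0.2.10 - - [08/Aug/2003:10:00:09 +0200] "GET /cgi-bin/script.pl?p1=%7Cattack HTTP/1.0" 200 0 {BOT}',
    '198.51.100.7 - - [08/Aug/2003:10:01:00 +0200] "GET /cgi-bin/script.pl?p1=$(attack) HTTP/1.0" 404 0 "-" "Mozilla/4.0"',
    f'192.0.2.10 - - [08/Aug/2003:10:02:00 +0200] "GET /{LONG} HTTP/1.0" 414 0 {BOT}',
]

print(crawler_delivered(LINES))
```

Hits of this kind point at a page somewhere that is feeding links to the robot, so the response is input validation on the targeted script, not blocking the crawler's address.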

Editor's Notes

  1. This tool uses single-word searches within a given domain.